String userName
The name of the IAM user that the access key is associated with.
String accessKeyId
The ID for this access key.
String status
The status of the access key. Active means the key is valid for API calls, while
Inactive means it is not.
String secretAccessKey
The secret key used to sign requests.
Date createDate
The date when the access key was created.
Date lastUsedDate
The date and time, in ISO 8601 date-time format, when the access key was most recently used. This field is null when:
The user does not have an access key.
An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
There is no sign-in data associated with the user
String serviceName
The name of the AWS service with which this access key was most recently used. This field displays "N/A" when:
The user does not have an access key.
An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
There is no sign-in data associated with the user
String region
The AWS region where this access key was most recently used. This field is displays "N/A" when:
The user does not have an access key.
An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
There is no sign-in data associated with the user
For more information about AWS regions, see Regions and Endpoints in the Amazon Web Services General Reference.
String userName
The name of the IAM user that the key is associated with.
String accessKeyId
The ID for this access key.
String status
The status of the access key. Active means the key is valid for API calls; Inactive
means it is not.
Date createDate
The date when the access key was created.
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider resource to add the client ID to. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders action.
String clientID
The client ID (also known as audience) to add to the IAM OpenID Connect provider resource.
String instanceProfileName
The name of the instance profile to update.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String roleName
The name of the role to add.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String groupName
The name of the group to update.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String userName
The name of the user to add.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String groupName
The name (friendly name, not ARN) of the group to attach the policy to.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String roleName
The name (friendly name, not ARN) of the role to attach the policy to.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String userName
The name (friendly name, not ARN) of the IAM user to attach the policy to.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String oldPassword
The IAM user's current password.
String newPassword
The new password. The new password must conform to the AWS account's password policy, if one exists.
The regex pattern used to validate this parameter is a string of characters consisting of almost any printable ASCII character from the space ( ) through the end of the ASCII character range (ÿ). You can also include the tab ( ), line feed ( ), and carriage return ( ) characters. Although any of these characters are valid in a password, note that many tools, such as the AWS Management Console, might restrict the ability to enter certain characters because they have special meaning within that tool.
String contextKeyName
The full name of a condition context key, including the service prefix. For example, aws:SourceIp or
s3:VersionId.
SdkInternalList<T> contextKeyValues
The value (or values, if the condition context key supports multiple values) to provide to the simulation for use
when the key is referenced by a Condition element in an input policy.
String contextKeyType
The data type of the value (or values) specified in the ContextKeyValues parameter.
String userName
The name of the IAM user that the new key will belong to.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
AccessKey accessKey
A structure with details about the access key.
String accountAlias
The account alias to create.
This parameter allows (per its regex pattern) a string of characters consisting of lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have two dashes in a row.
String path
The path to the group. For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String groupName
The name of the group to create. Do not include the path in this value.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-. The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins".
Group group
A structure containing details about the new group.
String instanceProfileName
The name of the instance profile to create.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String path
The path to the instance profile. For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
InstanceProfile instanceProfile
A structure containing details about the new instance profile.
String userName
The name of the IAM user to create a password for. The user must already exist.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String password
The new password for the user.
The regex pattern used to validate this parameter is a string of characters consisting of almost any printable ASCII character from the space ( ) through the end of the ASCII character range (ÿ). You can also include the tab ( ), line feed ( ), and carriage return ( ) characters. Although any of these characters are valid in a password, note that many tools, such as the AWS Management Console, might restrict the ability to enter certain characters because they have special meaning within that tool.
Boolean passwordResetRequired
Specifies whether the user is required to set a new password on next sign-in.
LoginProfile loginProfile
A structure containing the user name and password create date.
String url
The URL of the identity provider. The URL must begin with "https://" and should correspond to the
iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are
allowed but query parameters are not. Typically the URL consists of only a host name, like
"https://server.example.org" or "https://example.com".
You cannot register the same provider multiple times in a single AWS account. If you try to submit a URL that has already been used for an OpenID Connect provider in the AWS account, you will get an error.
SdkInternalList<T> clientIDList
A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect
provider, they establish a value that identifies the application. (This is the value that's sent as the
client_id parameter on OAuth requests.)
You can register multiple client IDs with the same provider. For example, you might have multiple applications that use the same OIDC provider. You cannot register more than 100 client IDs with a single IAM OIDC provider.
There is no defined format for a client ID. The CreateOpenIDConnectProviderRequest action accepts
client IDs up to 255 characters long.
SdkInternalList<T> thumbprintList
A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s). Typically this list includes only one entry. However, IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain multiple thumbprints if the identity provider is rotating certificates.
The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by the domain where the OpenID Connect provider makes its keys available. It is always a 40-character string.
You must provide at least one thumbprint when creating an IAM OIDC provider. For example, if the OIDC provider is
server.example.com and the provider stores its keys at
"https://keys.server.example.com/openid-connect", the thumbprint string would be the hex-encoded SHA-1 hash value
of the certificate used by https://keys.server.example.com.
For more information about obtaining the OIDC provider's thumbprint, see Obtaining the Thumbprint for an OpenID Connect Provider in the IAM User Guide.
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider that is created. For more information, see OpenIDConnectProviderListEntry.
String policyName
The friendly name of the policy.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
String path
The path for the policy.
For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String policyDocument
The JSON policy document that you want to use as the content for the new policy.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
String description
A friendly description of the policy.
Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables."
The policy description is immutable. After a value is assigned, it cannot be changed.
Policy policy
A structure containing details about the new policy.
String policyArn
The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String policyDocument
The JSON policy document that you want to use as the content for this new version of the policy.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
Boolean setAsDefault
Specifies whether to set this version as the policy's default version.
When this parameter is true, the new policy version becomes the operative version; that is, the
version that is in effect for the IAM users, groups, and roles that the policy is attached to.
For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
PolicyVersion policyVersion
A structure containing details about the new policy version.
String path
The path to the role. For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String roleName
The name of the role to create.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
Role names are not distinguished by case. For example, you cannot create roles named both "PRODROLE" and "prodrole".
String assumeRolePolicyDocument
The trust relationship policy document that grants an entity permission to assume the role.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
String description
A customer-provided description of the role.
Role role
A structure containing details about the new role.
String sAMLMetadataDocument
An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
For more information, see About SAML 2.0-based Federation in the IAM User Guide
String name
The name of the provider to create.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String sAMLProviderArn
The Amazon Resource Name (ARN) of the new SAML provider resource in IAM.
String aWSServiceName
The AWS service to which this role is attached. You use a string similar to a URL but without the http:// in
front. For example: elasticbeanstalk.amazonaws.com
String description
The description of the role.
String customSuffix
A string that you provide, which is combined with the service name to form the complete role name. If you make
multiple requests for the same service, then you must supply a different CustomSuffix for each
request. Otherwise the request fails with a duplicate role name error. For example, you could add -1
or -debug to the suffix.
String userName
The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String serviceName
The name of the AWS service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.
ServiceSpecificCredential serviceSpecificCredential
A structure that contains information about the newly created service-specific credential.
This is the only time that the password for this credential set is available. It cannot be recovered later. Instead, you will have to reset the password with ResetServiceSpecificCredential.
String path
The path for the user name. For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String userName
The name of the user to create.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-. User names are not distinguished by case. For example, you cannot create users named both "TESTUSER" and "testuser".
User user
A structure with details about the new IAM user.
String path
The path for the virtual MFA device. For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String virtualMFADeviceName
The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
VirtualMFADevice virtualMFADevice
A structure containing details about the new virtual MFA device.
String userName
The name of the user whose MFA device you want to deactivate.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String serialNumber
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-
String userName
The name of the user whose access key pair you want to delete.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String accessKeyId
The access key ID for the access key ID and secret access key you want to delete.
This parameter allows (per its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String accountAlias
The name of the account alias to delete.
This parameter allows (per its regex pattern) a string of characters consisting of lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have two dashes in a row.
String groupName
The name (friendly name, not ARN) identifying the group that the policy is embedded in.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String policyName
The name identifying the policy document to delete.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
String groupName
The name of the IAM group to delete.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String instanceProfileName
The name of the instance profile to delete.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String userName
The name of the user whose password you want to delete.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource object to delete. You can get a list of OpenID Connect provider resource ARNs by using the ListOpenIDConnectProviders action.
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to delete.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String policyArn
The Amazon Resource Name (ARN) of the IAM policy from which you want to delete a version.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String versionId
The policy version to delete.
This parameter allows (per its regex pattern) a string of characters that consists of the lowercase letter 'v' followed by one or two digits, and optionally followed by a period '.' and a string of letters and digits.
For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
String roleName
The name (friendly name, not ARN) identifying the role that the policy is embedded in.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyName
The name of the inline policy to delete from the specified IAM role.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
String roleName
The name of the role to delete.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String sAMLProviderArn
The Amazon Resource Name (ARN) of the SAML provider to delete.
String serverCertificateName
The name of the server certificate you want to delete.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String roleName
The name of the service-linked role to be deleted.
String deletionTaskId
The deletion task identifier that you can use to check the status of the deletion. This identifier is returned in
the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>.
String userName
The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String serviceSpecificCredentialId
The unique identifier of the service-specific credential. You can get this value by calling ListServiceSpecificCredentials.
This parameter allows (per its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String userName
The name of the user the signing certificate belongs to.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String certificateId
The ID of the signing certificate to delete.
The format of this parameter, as described by its regex pattern, is a string of characters that can be upper- or lower-cased letters or digits.
String userName
The name of the IAM user associated with the SSH public key.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String sSHPublicKeyId
The unique identifier for the SSH public key.
This parameter allows (per its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String userName
The name (friendly name, not ARN) identifying the user that the policy is embedded in.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String policyName
The name identifying the policy document to delete.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
String userName
The name of the user to delete.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String serialNumber
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-
String reason
A short description of the reason that the service-linked role deletion failed.
SdkInternalList<T> roleUsageList
A list of objects that contains details about the service-linked role deletion failure. If the service-linked role has active sessions or if any resources that were used by the role have not been deleted from the linked service, the role can't be deleted. This parameter includes a list of the resources that are associated with the role and the region in which the resources are being used.
String groupName
The name (friendly name, not ARN) of the IAM group to detach the policy from.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String roleName
The name (friendly name, not ARN) of the IAM role to detach the policy from.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String userName
The name (friendly name, not ARN) of the IAM user to detach the policy from.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String userName
The name of the IAM user for whom you want to enable the MFA device.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String serialNumber
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-
String authenticationCode1
An authentication code emitted by the device.
The format for this parameter is a string of 6 digits.
Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can resync the device.
String authenticationCode2
A subsequent authentication code emitted by the device.
The format for this parameter is a string of 6 digits.
Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can resync the device.
String evalActionName
The name of the API action tested on the indicated resource.
String evalResourceName
The ARN of the resource that the indicated API action was tested on.
String evalDecision
The result of the simulation.
SdkInternalList<T> matchedStatements
A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the action on the resource, if only one statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
SdkInternalList<T> missingContextValues
A list of context keys that are required by the included input policies but that were not provided by one of the
input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the
ResourceArns parameter blank. If you include a list of resources, then any missing context values
are instead included under the ResourceSpecificResults section. To discover the context keys used by
a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
OrganizationsDecisionDetail organizationsDecisionDetail
A structure that details how AWS Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user's account is part of an organization.
SdkInternalMap<K,V> evalDecisionDetails
Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access. See How IAM Roles Differ from Resource-based Policies
SdkInternalList<T> resourceSpecificResults
The individual results of the simulation of the API action specified in EvalActionName on each resource.
String accessKeyId
The identifier of an access key.
This parameter allows (per its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String userName
The name of the AWS IAM user that owns this access key.
AccessKeyLastUsed accessKeyLastUsed
Contains information about the last time the access key was used.
SdkInternalList<T> filter
A list of entity types used to filter the results. Only the entities that match the types you specify are
included in the output. Use the value LocalManagedPolicy to include customer managed policies.
The format for this parameter is a comma-separated (if more than one) list of strings. Each string value in the list must be one of the valid values listed below.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
SdkInternalList<T> userDetailList
A list containing information about IAM users.
SdkInternalList<T> groupDetailList
A list containing information about IAM groups.
SdkInternalList<T> roleDetailList
A list containing information about IAM roles.
SdkInternalList<T> policies
A list containing information about managed policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
PasswordPolicy passwordPolicy
A structure that contains details about the account's password policy.
SdkInternalMap<K,V> summaryMap
A set of key value pairs containing information about IAM entity usage and IAM quotas.
SdkInternalList<T> policyInputList
A list of policies for which you want the list of context keys referenced in those policies. Each document is specified as a string containing the complete, valid JSON text of an IAM policy.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
SdkInternalList<T> contextKeyNames
The list of context keys that are referenced in the input policies.
String policySourceArn
The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies attached to the user as well as to all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
SdkInternalList<T> policyInputList
An optional list of additional policies for which you want the list of context keys that are referenced.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
SdkInternalList<T> contextKeyNames
The list of context keys that are referenced in the input policies.
ByteBuffer content
Contains the credential report. The report is Base64-encoded.
String reportFormat
The format (MIME type) of the credential report.
Date generatedTime
The date and time when the credential report was created, in ISO 8601 date-time format.
String groupName
The name of the group the policy is associated with.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String policyName
The name of the policy document to get.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
String groupName
The name of the group.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
Group group
A structure that contains details about the group.
SdkInternalList<T> users
A list of users in the group.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String instanceProfileName
The name of the instance profile to get information about.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
InstanceProfile instanceProfile
A structure containing details about the instance profile.
String userName
The name of the user whose login profile you want to retrieve.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
LoginProfile loginProfile
A structure containing the user name and password create date for the user.
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the ListOpenIDConnectProviders action.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String url
The URL that the IAM OIDC provider resource object is associated with. For more information, see CreateOpenIDConnectProvider.
SdkInternalList<T> clientIDList
A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.
SdkInternalList<T> thumbprintList
A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.
Date createDate
The date and time when the IAM OIDC provider resource object was created in the AWS account.
String policyArn
The Amazon Resource Name (ARN) of the managed policy that you want information about.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
Policy policy
A structure containing details about the policy.
String policyArn
The Amazon Resource Name (ARN) of the managed policy that you want information about.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String versionId
Identifies the policy version to retrieve.
This parameter allows (per its regex pattern) a string of characters that consists of the lowercase letter 'v' followed by one or two digits, and optionally followed by a period '.' and a string of letters and digits.
PolicyVersion policyVersion
A structure containing details about the policy version.
String roleName
The name of the role associated with the policy.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyName
The name of the policy document to get.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
String roleName
The name of the IAM role to get information about.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
Role role
A structure containing details about the IAM role.
String sAMLProviderArn
The Amazon Resource Name (ARN) of the SAML provider resource object in IAM to get information about.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String serverCertificateName
The name of the server certificate you want to retrieve information about.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
ServerCertificate serverCertificate
A structure containing details about the server certificate.
String deletionTaskId
The deletion task identifier. This identifier is returned by the DeleteServiceLinkedRole operation in the
format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>.
String status
The status of the deletion.
DeletionTaskFailureReasonType reason
An object that contains details about the reason the deletion failed.
String userName
The name of the IAM user associated with the SSH public key.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String sSHPublicKeyId
The unique identifier for the SSH public key.
This parameter allows (per its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String encoding
Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format,
use SSH. To retrieve the public key in PEM format, use PEM.
SSHPublicKey sSHPublicKey
A structure containing details about the SSH public key.
String userName
The name of the user who the policy is associated with.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String policyName
The name of the policy document to get.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
String userName
The name of the user to get information about.
This parameter is optional. If it is not included, it defaults to the user making the request. This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
User user
A structure containing details about the IAM user.
String path
The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.
String groupName
The friendly name that identifies the group.
String groupId
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
Date createDate
The date and time, in ISO 8601 date-time format, when the group was created.
String path
The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.
String groupName
The friendly name that identifies the group.
String groupId
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
Date createDate
The date and time, in ISO 8601 date-time format, when the group was created.
SdkInternalList<T> groupPolicyList
A list of the inline policies embedded in the group.
SdkInternalList<T> attachedManagedPolicies
A list of the managed policies attached to the group.
String path
The path to the instance profile. For more information about paths, see IAM Identifiers in the Using IAM guide.
String instanceProfileName
The name identifying the instance profile.
String instanceProfileId
The stable and unique string identifying the instance profile. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
Date createDate
The date when the instance profile was created.
SdkInternalList<T> roles
The role associated with the instance profile.
String userName
The name of the user.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> accessKeyMetadata
A list of objects containing metadata about the access keys.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> accountAliases
A list of aliases associated with the account. AWS supports only one alias per account.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String groupName
The name (friendly name, not ARN) of the group to list attached policies for.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.
This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> attachedPolicies
A list of the attached policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String roleName
The name (friendly name, not ARN) of the role to list attached policies for.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.
This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> attachedPolicies
A list of the attached policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String userName
The name (friendly name, not ARN) of the user to list attached policies for.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.
This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> attachedPolicies
A list of the attached policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String policyArn
The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String entityFilter
The entity type to use for filtering the results.
For example, when EntityFilter is Role, only the roles that are attached to the
specified policy are returned. This parameter is optional. If it is not included, all attached entities (users,
groups, and roles) are returned. The argument for this parameter must be one of the valid values listed below.
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities.
This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> policyGroups
A list of IAM groups that the policy is attached to.
SdkInternalList<T> policyUsers
A list of IAM users that the policy is attached to.
SdkInternalList<T> policyRoles
A list of IAM roles that the policy is attached to.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String groupName
The name of the group to list policies for.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> policyNames
A list of policy names.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String userName
The name of the user to list groups for.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> groups
A list of groups.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String pathPrefix
The path prefix for filtering the results. For example, the prefix /division_abc/subdivision_xyz/
gets all groups whose path starts with /division_abc/subdivision_xyz/.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups. This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> groups
A list of groups.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String roleName
The name of the role to list instance profiles for.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> instanceProfiles
A list of instance profiles.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String pathPrefix
The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/
gets all instance profiles whose path starts with /application_abc/component_xyz/.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all instance profiles. This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> instanceProfiles
A list of instance profiles.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String userName
The name of the user whose MFA devices you want to list.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> mFADevices
A list of MFA devices.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
SdkInternalList<T> openIDConnectProviderList
The list of IAM OIDC provider resource objects defined in the AWS account.
String scope
The scope to use for filtering the results.
To list only AWS managed policies, set Scope to AWS. To list only the customer managed
policies in your AWS account, set Scope to Local.
This parameter is optional. If it is not included, or if it is set to All, all policies are
returned.
Boolean onlyAttached
A flag to filter the results to only the attached policies.
When OnlyAttached is true, the returned list contains only the policies that are
attached to an IAM user, group, or role. When OnlyAttached is false, or when the
parameter is not included, all policies are returned.
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> policies
A list of policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String policyArn
The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> versions
A list of policy versions.
For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String roleName
The name of the role to list policies for.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> policyNames
A list of policy names.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String pathPrefix
The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/
gets all roles whose path starts with /application_abc/component_xyz/.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all roles. This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> roles
A list of roles.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
SdkInternalList<T> sAMLProviderList
The list of SAML provider resource objects defined in IAM for this AWS account.
String pathPrefix
The path prefix for filtering the results. For example: /company/servercerts would get all server
certificates for which the path starts with /company/servercerts.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all server certificates. This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> serverCertificateMetadataList
A list of server certificates.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String userName
The name of the user whose service-specific credentials you want information about. If this value is not specified then the operation assumes the user whose credentials are used to call the operation.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String serviceName
Filters the returned results to only those for the specified AWS service. If not specified, then AWS returns service-specific credentials for all services.
SdkInternalList<T> serviceSpecificCredentials
A list of structures that each contain details about a service-specific credential.
String userName
The name of the IAM user whose signing certificates you want to examine.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> certificates
A list of the user's signing certificate information.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String userName
The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the AWS access key used to sign the request.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> sSHPublicKeys
A list of the SSH public keys assigned to IAM user.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String userName
The name of the user to list policies for.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> policyNames
A list of policy names.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String pathPrefix
The path prefix for filtering the results. For example: /division_abc/subdivision_xyz/, which would
get all user names whose path starts with /division_abc/subdivision_xyz/.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all user names. This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> users
A list of users.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String assignmentStatus
The status (Unassigned or Assigned) of the devices to list. If you do not specify an
AssignmentStatus, the action defaults to Any which lists both assigned and unassigned
virtual MFA devices.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
SdkInternalList<T> virtualMFADevices
The list of virtual MFA devices in the current account that match the AssignmentStatus value that
was passed in the request.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String userName
The name of the user, which can be used for signing in to the AWS Management Console.
Date createDate
The date when the password for the user was created.
Boolean passwordResetRequired
Specifies whether the user is required to set a new password on next sign-in.
String policyName
The friendly name (not ARN) identifying the policy.
String policyId
The stable and unique string identifying the policy.
For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
String path
The path to the policy.
For more information about paths, see IAM Identifiers in the Using IAM guide.
String defaultVersionId
The identifier for the version of the policy that is set as the default (operative) version.
For more information about policy versions, see Versioning for Managed Policies in the Using IAM guide.
Integer attachmentCount
The number of principal entities (users, groups, and roles) that the policy is attached to.
Boolean isAttachable
Specifies whether the policy can be attached to an IAM user, group, or role.
String description
A friendly description of the policy.
Date createDate
The date and time, in ISO 8601 date-time format, when the policy was created.
Date updateDate
The date and time, in ISO 8601 date-time format, when the policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
SdkInternalList<T> policyVersionList
A list containing information about the versions of the policy.
String userName
The user with whom the MFA device is associated.
String serialNumber
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
Date enableDate
The date when the MFA device was enabled for the user.
String arn
Boolean allowedByOrganizations
Specifies whether the simulated action is allowed by the AWS Organizations service control policies that impact the simulated user's account.
Integer minimumPasswordLength
Minimum length to require for IAM user passwords.
Boolean requireSymbols
Specifies whether to require symbols for IAM user passwords.
Boolean requireNumbers
Specifies whether to require numbers for IAM user passwords.
Boolean requireUppercaseCharacters
Specifies whether to require uppercase characters for IAM user passwords.
Boolean requireLowercaseCharacters
Specifies whether to require lowercase characters for IAM user passwords.
Boolean allowUsersToChangePassword
Specifies whether IAM users are allowed to change their own password.
Boolean expirePasswords
Indicates whether passwords in the account expire. Returns true if MaxPasswordAge is contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.
Integer maxPasswordAge
The number of days that an IAM user password is valid.
Integer passwordReusePrevention
Specifies the number of previous passwords that IAM users are prevented from reusing.
Boolean hardExpiry
Specifies whether IAM users are prevented from setting a new password after their password has expired.
String policyName
The friendly name (not ARN) identifying the policy.
String policyId
The stable and unique string identifying the policy.
For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
String path
The path to the policy.
For more information about paths, see IAM Identifiers in the Using IAM guide.
String defaultVersionId
The identifier for the version of the policy that is set as the default version.
Integer attachmentCount
The number of entities (users, groups, and roles) that the policy is attached to.
Boolean isAttachable
Specifies whether the policy can be attached to an IAM user, group, or role.
String description
A friendly description of the policy.
This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.
Date createDate
The date and time, in ISO 8601 date-time format, when the policy was created.
Date updateDate
The date and time, in ISO 8601 date-time format, when the policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
String groupName
The name (friendly name, not ARN) identifying the group.
String groupId
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String roleName
The name (friendly name, not ARN) identifying the role.
String roleId
The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String userName
The name (friendly name, not ARN) identifying the user.
String userId
The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String document
The policy document.
The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.
String versionId
The identifier for the policy version.
Policy version identifiers always begin with v (always lowercase). When a policy is created, the
first policy version is v1.
Boolean isDefaultVersion
Specifies whether the policy version is set as the policy's default version.
Date createDate
The date and time, in ISO 8601 date-time format, when the policy version was created.
String groupName
The name of the group to associate the policy with.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String policyName
The name of the policy document.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
String policyDocument
The policy document.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
String roleName
The name of the role to associate the policy with.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyName
The name of the policy document.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
String policyDocument
The policy document.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
String userName
The name of the user to associate the policy with.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String policyName
The name of the policy document.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
String policyDocument
The policy document.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders action.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String clientID
The client ID (also known as audience) to remove from the IAM OIDC provider resource. For more information about client IDs, see CreateOpenIDConnectProvider.
String instanceProfileName
The name of the instance profile to update.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String roleName
The name of the role to remove.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String groupName
The name of the group to update.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String userName
The name of the user to remove.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String userName
The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String serviceSpecificCredentialId
The unique identifier of the service-specific credential.
This parameter allows (per its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
ServiceSpecificCredential serviceSpecificCredential
A structure with details about the updated service-specific credential, including the new password.
This is the only time that you can access the password. You cannot recover the password later, but you can reset it again.
String evalResourceName
The name of the simulated resource, in Amazon Resource Name (ARN) format.
String evalResourceDecision
The result of the simulation of the simulated API action on the resource specified in
EvalResourceName.
SdkInternalList<T> matchedStatements
A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the action on the resource, if any statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
SdkInternalList<T> missingContextValues
A list of context keys that are required by the included input policies but that were not provided by one of the
input parameters. This list is used when a list of ARNs is included in the ResourceArns parameter
instead of "*". If you do not specify individual resources, by setting ResourceArns to "*" or by not
including the ResourceArns parameter, then any missing context values are instead included under the
EvaluationResults section. To discover the context keys used by a set of policies, you can call
GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
SdkInternalMap<K,V> evalDecisionDetails
Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access.
String userName
The name of the user whose MFA device you want to resynchronize.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String serialNumber
Serial number that uniquely identifies the MFA device.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String authenticationCode1
An authentication code emitted by the device.
The format for this parameter is a sequence of six digits.
String authenticationCode2
A subsequent authentication code emitted by the device.
The format for this parameter is a sequence of six digits.
String path
The path to the role. For more information about paths, see IAM Identifiers in the Using IAM guide.
String roleName
The friendly name that identifies the role.
String roleId
The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide guide.
Date createDate
The date and time, in ISO 8601 date-time format, when the role was created.
String assumeRolePolicyDocument
The policy that grants an entity permission to assume the role.
String description
A description of the role that you provide.
String path
The path to the role. For more information about paths, see IAM Identifiers in the Using IAM guide.
String roleName
The friendly name that identifies the role.
String roleId
The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
Date createDate
The date and time, in ISO 8601 date-time format, when the role was created.
String assumeRolePolicyDocument
The trust policy that grants permission to assume the role.
SdkInternalList<T> instanceProfileList
A list of instance profiles that contain this role.
SdkInternalList<T> rolePolicyList
A list of inline policies embedded in the role. These policies are the role's access (permissions) policies.
SdkInternalList<T> attachedManagedPolicies
A list of managed policies attached to the role. These policies are the role's access (permissions) policies.
String region
The name of the region where the service-linked role is being used.
SdkInternalList<T> resources
The name of the resource that is using the service-linked role.
ServerCertificateMetadata serverCertificateMetadata
The meta information of the server certificate, such as its name, path, ID, and ARN.
String certificateBody
The contents of the public key certificate.
String certificateChain
The contents of the public key certificate chain.
String path
The path to the server certificate. For more information about paths, see IAM Identifiers in the Using IAM guide.
String serverCertificateName
The name that identifies the server certificate.
String serverCertificateId
The stable and unique string identifying the server certificate. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
The Amazon Resource Name (ARN) specifying the server certificate. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
Date uploadDate
The date when the server certificate was uploaded.
Date expiration
The date on which the certificate is set to expire.
Date createDate
The date and time, in ISO 8601 date-time format, when the service-specific credential were created.
String serviceName
The name of the service associated with the service-specific credential.
String serviceUserName
The generated user name for the service-specific credential. This value is generated by combining the IAM user's
name combined with the ID number of the AWS account, as in jane-at-123456789012, for example. This
value cannot be configured by the user.
String servicePassword
The generated password for the service-specific credential.
String serviceSpecificCredentialId
The unique identifier for the service-specific credential.
String userName
The name of the IAM user associated with the service-specific credential.
String status
The status of the service-specific credential. Active means the key is valid for API calls, while
Inactive means it is not.
String userName
The name of the IAM user associated with the service-specific credential.
String status
The status of the service-specific credential. Active means the key is valid for API calls, while
Inactive means it is not.
String serviceUserName
The generated user name for the service-specific credential.
Date createDate
The date and time, in ISO 8601 date-time format, when the service-specific credential were created.
String serviceSpecificCredentialId
The unique identifier for the service-specific credential.
String serviceName
The name of the service associated with the service-specific credential.
String policyArn
The Amazon Resource Name (ARN) of the IAM policy whose default version you want to set.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String versionId
The version of the policy to set as the default (operative) version.
For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
String userName
The name of the user the signing certificate is associated with.
String certificateId
The ID for the signing certificate.
String certificateBody
The contents of the signing certificate.
String status
The status of the signing certificate. Active means the key is valid for API calls, while
Inactive means it is not.
Date uploadDate
The date when the signing certificate was uploaded.
SdkInternalList<T> policyInputList
A list of policy documents to include in the simulation. Each document is specified as a string containing the
complete, valid JSON text of an IAM policy. Do not include any resource-based policies in this parameter. Any
resource-based policy must be submitted with the ResourcePolicy parameter. The policies cannot be
"scope-down" policies, such as you could include in a call to GetFederationToken or
one of the AssumeRole APIs
to restrict what a user can do while using the temporary credentials.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
SdkInternalList<T> actionNames
A list of names of API actions to evaluate in the simulation. Each action is evaluated against each resource.
Each action must include the service identifier, such as iam:CreateUser.
SdkInternalList<T> resourceArns
A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided then the value
defaults to * (all resources). Each API in the ActionNames parameter is evaluated for
each resource in this list. The simulation determines the access result (allowed or denied) of each combination
and reports it in the response.
The simulation does not automatically retrieve policies for the specified resources. If you want to include a
resource policy in the simulation, then you must include the policy as a string in the
ResourcePolicy parameter.
If you include a ResourcePolicy, then it must be applicable to all of the resources included in the
simulation or you receive an invalid input error.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String resourcePolicy
A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
String resourceOwner
An AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the
resource ARN, such as an S3 bucket or object. If ResourceOwner is specified, it is also used as the
account owner of any ResourcePolicy included in the simulation. If the ResourceOwner
parameter is not specified, then the owner of the resources and the resource policy defaults to the account of
the identity provided in CallerArn. This parameter is required only if you specify a resource-based
policy and account that owns the resource is different from the account that owns the simulated calling user
CallerArn.
String callerArn
The ARN of the IAM user that you want to use as the simulated caller of the APIs. CallerArn is
required if you include a ResourcePolicy so that the policy's Principal element has a
value to use in evaluating the policy.
You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
SdkInternalList<T> contextEntries
A list of context keys and corresponding values for the simulation to use. Whenever a context key is evaluated in one of the simulated IAM permission policies, the corresponding value is supplied.
String resourceHandlingOption
Specifies the type of simulation to run. Different APIs that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation.
Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported Platforms in the AWS EC2 User Guide.
EC2-Classic-InstanceStore
instance, image, security-group
EC2-Classic-EBS
instance, image, security-group, volume
EC2-VPC-InstanceStore
instance, image, security-group, network-interface
EC2-VPC-InstanceStore-Subnet
instance, image, security-group, network-interface, subnet
EC2-VPC-EBS
instance, image, security-group, network-interface, volume
EC2-VPC-EBS-Subnet
instance, image, security-group, network-interface, subnet, volume
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
SdkInternalList<T> evaluationResults
The results of the simulation.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String policySourceArn
The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the simulation. If you specify a user, group, or role, the simulation includes all policies that are associated with that entity. If you specify a user, the simulation also includes all policies that are attached to any groups the user belongs to.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
SdkInternalList<T> policyInputList
An optional list of additional policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
SdkInternalList<T> actionNames
A list of names of API actions to evaluate in the simulation. Each action is evaluated for each resource. Each
action must include the service identifier, such as iam:CreateUser.
SdkInternalList<T> resourceArns
A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided then the value
defaults to * (all resources). Each API in the ActionNames parameter is evaluated for
each resource in this list. The simulation determines the access result (allowed or denied) of each combination
and reports it in the response.
The simulation does not automatically retrieve policies for the specified resources. If you want to include a
resource policy in the simulation, then you must include the policy as a string in the
ResourcePolicy parameter.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String resourcePolicy
A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
String resourceOwner
An AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the
resource ARN, such as an S3 bucket or object. If ResourceOwner is specified, it is also used as the
account owner of any ResourcePolicy included in the simulation. If the ResourceOwner
parameter is not specified, then the owner of the resources and the resource policy defaults to the account of
the identity provided in CallerArn. This parameter is required only if you specify a resource-based
policy and account that owns the resource is different from the account that owns the simulated calling user
CallerArn.
String callerArn
The ARN of the IAM user that you want to specify as the simulated caller of the APIs. If you do not specify a
CallerArn, it defaults to the ARN of the user that you specify in PolicySourceArn, if
you specified a user. If you include both a PolicySourceArn (for example,
arn:aws:iam::123456789012:user/David) and a CallerArn (for example,
arn:aws:iam::123456789012:user/Bob), the result is that you simulate calling the APIs as Bob, as if
Bob had David's policies.
You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
CallerArn is required if you include a ResourcePolicy and the
PolicySourceArn is not the ARN for an IAM user. This is required so that the resource-based policy's
Principal element has a value to use in evaluating the policy.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
SdkInternalList<T> contextEntries
A list of context keys and corresponding values for the simulation to use. Whenever a context key is evaluated in one of the simulated IAM permission policies, the corresponding value is supplied.
String resourceHandlingOption
Specifies the type of simulation to run. Different APIs that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation.
Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported Platforms in the AWS EC2 User Guide.
EC2-Classic-InstanceStore
instance, image, security-group
EC2-Classic-EBS
instance, image, security-group, volume
EC2-VPC-InstanceStore
instance, image, security-group, network-interface
EC2-VPC-InstanceStore-Subnet
instance, image, security-group, network-interface, subnet
EC2-VPC-EBS
instance, image, security-group, network-interface, volume
EC2-VPC-EBS-Subnet
instance, image, security-group, network-interface, subnet, volume
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items you want in the
response. If additional items exist beyond the maximum you specify, the IsTruncated response element
is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when
there are more results available. In that case, the IsTruncated response element returns
true and Marker contains a value to include in the subsequent call that tells the
service where to continue from.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results
are truncated. Set it to the value of the Marker element in the response that you received to
indicate where the next call should start.
SdkInternalList<T> evaluationResults
The results of the simulation.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a
subsequent pagination request using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when there are more results
available. We recommend that you check IsTruncated after every call to ensure that you receive all
of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the
Marker parameter in a subsequent pagination request.
String userName
The name of the IAM user associated with the SSH public key.
String sSHPublicKeyId
The unique identifier for the SSH public key.
String fingerprint
The MD5 message digest of the SSH public key.
String sSHPublicKeyBody
The SSH public key.
String status
The status of the SSH public key. Active means the key can be used for authentication with an AWS
CodeCommit repository. Inactive means the key cannot be used.
Date uploadDate
The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
String userName
The name of the IAM user associated with the SSH public key.
String sSHPublicKeyId
The unique identifier for the SSH public key.
String status
The status of the SSH public key. Active means the key can be used for authentication with an AWS
CodeCommit repository. Inactive means the key cannot be used.
Date uploadDate
The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
String sourcePolicyId
The identifier of the policy that was provided as an input.
String sourcePolicyType
The type of the policy.
Position startPosition
The row and column of the beginning of the Statement in an IAM policy.
Position endPosition
The row and column of the end of a Statement in an IAM policy.
String userName
The name of the user whose key you want to update.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String accessKeyId
The access key ID of the secret access key you want to update.
This parameter allows (per its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String status
The status you want to assign to the secret access key. Active means the key can be used for API
calls to AWS, while Inactive means the key cannot be used.
Integer minimumPasswordLength
The minimum number of characters allowed in an IAM user password.
Default value: 6
Boolean requireSymbols
Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters:
! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
Default value: false
Boolean requireNumbers
Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).
Default value: false
Boolean requireUppercaseCharacters
Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).
Default value: false
Boolean requireLowercaseCharacters
Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z).
Default value: false
Boolean allowUsersToChangePassword
Allows all IAM users in your account to use the AWS Management Console to change their own passwords. For more information, see Letting IAM Users Change Their Own Passwords in the IAM User Guide.
Default value: false
Integer maxPasswordAge
The number of days that an IAM user password is valid. The default value of 0 means IAM user passwords never expire.
Default value: 0
Integer passwordReusePrevention
Specifies the number of previous passwords that IAM users are prevented from reusing. The default value of 0 means IAM users are not prevented from reusing previous passwords.
Default value: 0
Boolean hardExpiry
Prevents IAM users from setting a new password after their password has expired.
Default value: false
String roleName
The name of the role to update with the new policy.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyDocument
The policy that grants an entity permission to assume the role.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
String groupName
Name of the IAM group to update. If you're changing the name of the group, this is the original name.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String newPath
New path for the IAM group. Only include this if changing the group's path.
This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String newGroupName
New name for the IAM group. Only include this if changing the group's name.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String userName
The name of the user whose password you want to update.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String password
The new password for the specified IAM user.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ). However, the format can be further restricted by the account administrator by setting a password policy on the AWS account. For more information, see UpdateAccountPasswordPolicy.
Boolean passwordResetRequired
Allows this new password to be used only once by requiring the specified IAM user to set a new password on next sign-in.
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders action.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
SdkInternalList<T> thumbprintList
A list of certificate thumbprints that are associated with the specified IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.
Role role
A structure that contains details about the modified role.
String sAMLMetadataDocument
An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
String sAMLProviderArn
The Amazon Resource Name (ARN) of the SAML provider to update.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String sAMLProviderArn
The Amazon Resource Name (ARN) of the SAML provider that was updated.
String serverCertificateName
The name of the server certificate that you want to update.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String newPath
The new path for the server certificate. Include this only if you are updating the server certificate's path.
This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String newServerCertificateName
The new name for the server certificate. Include this only if you are updating the server certificate's name. The name of the certificate cannot contain any spaces.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String userName
The name of the IAM user associated with the service-specific credential. If you do not specify this value, then the operation assumes the user whose credentials are used to call the operation.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String serviceSpecificCredentialId
The unique identifier of the service-specific credential.
This parameter allows (per its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String status
The status to be assigned to the service-specific credential.
String userName
The name of the IAM user the signing certificate belongs to.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String certificateId
The ID of the signing certificate you want to update.
This parameter allows (per its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String status
The status you want to assign to the certificate. Active means the certificate can be used for API
calls to AWS, while Inactive means the certificate cannot be used.
String userName
The name of the IAM user associated with the SSH public key.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String sSHPublicKeyId
The unique identifier for the SSH public key.
This parameter allows (per its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String status
The status to assign to the SSH public key. Active means the key can be used for authentication with
an AWS CodeCommit repository. Inactive means the key cannot be used.
String userName
Name of the user to update. If you're changing the name of the user, this is the original user name.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String newPath
New path for the IAM user. Include this parameter only if you're changing the user's path.
This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
String newUserName
New name for the user. Include this parameter only if you're changing the user's name.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String path
The path for the server certificate. For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (!) thru the DEL character (), including most punctuation characters, digits, and upper and lowercased letters.
If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must
specify a path using the --path option. The path must begin with /cloudfront and must
include a trailing slash (for example, /cloudfront/test/).
String serverCertificateName
The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String certificateBody
The contents of the public key certificate in PEM-encoded format.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
String privateKey
The contents of the private key in PEM-encoded format.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
String certificateChain
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
ServerCertificateMetadata serverCertificateMetadata
The meta information of the uploaded server certificate without its certificate body, certificate chain, and private key.
String userName
The name of the user the signing certificate is for.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String certificateBody
The contents of the signing certificate.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
SigningCertificate certificate
Information about the certificate.
String userName
The name of the IAM user to associate the SSH public key with.
This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String sSHPublicKeyBody
The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character ( ) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ). It also includes the special characters tab ( ), line feed ( ), and carriage return ( ).
SSHPublicKey sSHPublicKey
Contains information about the SSH public key.
String path
The path to the user. For more information about paths, see IAM Identifiers in the Using IAM guide.
String userName
The friendly name identifying the user.
String userId
The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the Using IAM guide.
Date createDate
The date and time, in ISO 8601 date-time format, when the user was created.
Date passwordLastUsed
The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the Credential Reports topic in the Using IAM guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value) then it indicates that they never signed in with a password. This can be because:
The user never had a password.
A password exists but has not been used since IAM started tracking this information on October 20th, 2014.
A null does not mean that the user never had a password. Also, if the user does not currently have a password, but had one in the past, then this field contains the date and time the most recent password was used.
This value is returned only in the GetUser and ListUsers actions.
String path
The path to the user. For more information about paths, see IAM Identifiers in the Using IAM guide.
String userName
The friendly name identifying the user.
String userId
The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
Date createDate
The date and time, in ISO 8601 date-time format, when the user was created.
SdkInternalList<T> userPolicyList
A list of the inline policies embedded in the user.
SdkInternalList<T> groupList
A list of IAM groups that the user is in.
SdkInternalList<T> attachedManagedPolicies
A list of the managed policies attached to the user.
String serialNumber
The serial number associated with VirtualMFADevice.
ByteBuffer base32StringSeed
The Base32 seed defined as specified in RFC3548. The
Base32StringSeed is Base64-encoded.
ByteBuffer qRCodePNG
A QR code PNG image that encodes
otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String where
$virtualMFADeviceName is one of the create call arguments, AccountName is the user name
if set (otherwise, the account ID otherwise), and Base32String is the seed in Base32 format. The
Base32String value is Base64-encoded.
User user
The IAM user associated with this virtual MFA device.
Date enableDate
The date and time on which the virtual MFA device was enabled.
Copyright © 2017. All rights reserved.